By Mike Fry, Security Practice Director, Logicalis UK&I
Ransomware is increasingly causing massive disruption to businesses globally, even though Gartner estimates that nearly 95% of ransomware attacks are preventable. Simply paying the ransom is unlikely to be a solution, as only 8% of businesses that pay succeed in getting back all of their encrypted files. Whilst it may seem like an answer, scouring for ways to avoid paying the ransom doesn’t stop the cost of a ransomware attack. The consequences of such an attack go beyond the ransom itself, with businesses experiencing downtime and risking the exposure of sensitive data.
The best remedy for any attack is to prevent ransomware from infiltrating the network to begin with. However, such strategies come with their own limitations. It’s now becoming increasingly clear that human error is the most common cause of security breaches, and employee education on ransomware is the key to bolstering security.
What is a ransomware attack?
Ransomware is a subset of malware. By nature, ransomware denies a user or organisation access to files on a device by encrypting these files and demanding a ransom payment for the decryption key. A ransomware attack aims to put an individual or business in a complete stranglehold, where the easiest and cheapest way to regain access is to pay. The motive for such attacks is monetary. Unlike other types of attacks, the victim is notified that a breach has occurred and is given instructions on how to recover from the attack.
Ransomware can enter a network in many ways, the most common being a download delivered via phishing or smishing. Around 90% of attacks enter this way. The download then launches the ransomware program that attacks the system or network. The repercussions for the victim of the attack can be catastrophic and, in some cases, fatal to a business or person.
Ransomware aims to exploit vulnerabilities and encrypt all connected systems and drives, including backups. Some cyber criminals even seek to lock up backup systems, knowing exactly how devastating the effects can be. By compromising a single storage fabric, attackers can harm multiple servers at once.
Datacentres and cloud storage are attractive targets for attackers, giving opportunities to exploit compute, storage, and network functionality. In the past, when ransomware wasn’t particularly sophisticated, the damage was often limited to the business’s on-premises hard disks and data centres. However, with the increase in cloud consumption and usage, ransomware has evolved and is now capable of encrypting the contents of entire network shares.
Time for some G&Ts? Governance, technique, technology.
Some ransomware groups are now opting to go straight for backups and attack or compromise them. Immutable backups can be a good option when faced with these issues. Once immutable backups are written, they cannot be altered and can only be written to or erased by the software that made them. Further security measures can be implemented with immutable backups, such as requiring several people’s PINs to overwrite a backup. But, as with everything, the more advanced ransomware attacks become, the more difficult it becomes to keep up to speed with the most effective prevention methods.
Other strategies to defend storage and backup include storing at least one backup offsite or online. Having a disaster recovery plan in place also ensures organisations are prepared for the worst, helping them to react quickly to any attacks that may come their way. Finally, employee education is hugely important in defending against ransomware attacks. Educating staff on the common types of ransomware, backup protocol and testing backups can elevate a defence.
Backup! Knowing your limits is a strength, not a weakness.
Although ransomware has pushed IT and technology teams to place backup and recovery at the top of their agendas, ransomware is becoming increasingly advanced. Double- and triple-extortion attacks allow malware to remain undetected for longer. When organisations deal with a ransomware attack, if they can detect it, there is a high risk that compromised backups could reinfect systems.
Human error is responsible for 90% of security breaches, meaning that some of the best backup and recovery systems can offer little protection against ransomware. The rate at which employees received a phishing email last year increased by 15%, and 81% of organisations globally have reported an increase in attempted phishing attacks. Currently, only 60% of organisations offer any kind of formal cyber security education to those using their systems. Educating staff on how their behaviour and actions can offer entry points to cybercriminals can help to bolster security technologies and techniques.
Cybercriminals use sophisticated methods to access an enterprise’s most sensitive data. When an attack is successful, businesses that have a disaster recovery plan in place can minimise lost revenue and shorten downtime. Ensuring devices are updated to the latest software is just one simple way organisations can bolster their security.
However, businesses must understand that these technologies and techniques can only go so far. Stopping ransomware attacks at their source by educating employees to spot suspicious emails and activity can go a long way.